package com.jnh.investment.modules.sys.controller;

import com.jnh.investment.common.annotation.SysLog;
import com.jnh.investment.common.utils.Constant;
import com.jnh.investment.common.utils.PageUtils;
import com.jnh.investment.common.utils.R;
import com.jnh.investment.common.validator.Assert;
import com.jnh.investment.common.validator.ValidatorUtils;
import com.jnh.investment.common.validator.group.AddGroup;
import com.jnh.investment.common.validator.group.UpdateGroup;
import com.jnh.investment.modules.sys.entity.SysUserEntity;
import com.jnh.investment.modules.sys.form.PasswordForm;
import com.jnh.investment.modules.sys.service.SysUserRoleService;
import com.jnh.investment.modules.sys.service.SysUserService;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import org.apache.commons.lang.ArrayUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;

import java.util.List;
import java.util.Map;

/**
 * 系统用户
 *
 * @author wangsixian
 */
@RestController
@RequestMapping("/sys/user")
public class SysUserController extends AbstractController {
    @Autowired
    private SysUserService sysUserService;
    @Autowired
    private SysUserRoleService sysUserRoleService;


    /**
     * 所有用户列表
     */
    @ApiOperation("获取用户信息")
    @GetMapping("/list")
    @RequiresPermissions("sys:user:list")
    public R list(@RequestParam Map<String, Object> params) {
        //只有超级管理员，才能查看所有管理员列表
        if (getUserId() != Constant.SUPER_ADMIN) {
            params.put("createUserId", getUserId());
        }
        PageUtils page = sysUserService.queryPage(params);

        return R.ok().put("page", page);
    }

    /**
     * 获取登录的用户信息
     */
    @ApiOperation(value = "获取登录的用户信息", notes = "获取登录的用户信息", httpMethod = "GET")
    @GetMapping("/info")
    public R info() {
        return R.ok().put("user", getUser());
    }

    /**
     * 修改登录用户密码
     */
    @ApiOperation(value = "修改密码", notes = "修改密码", httpMethod = "POST")
    @SysLog("修改密码")
    @PostMapping("/password")
    public R password(@ApiParam(name = "密码信息", value = "传入json格式") @RequestBody PasswordForm form) {
        Assert.isBlank(form.getNewPassword(), "新密码不为能空");

        //sha256加密
        String password = new Sha256Hash(form.getPassword(), getUser().getSalt()).toHex();
        //sha256加密
        String newPassword = new Sha256Hash(form.getNewPassword(), getUser().getSalt()).toHex();

        //更新密码
        boolean flag = sysUserService.updatePassword(getUserId(), password, newPassword);
        if (!flag) {
            return R.error("原密码不正确");
        }

        return R.ok();
    }

    /**
     * 用户信息
     */
    @ApiOperation(value = "用户信息", notes = "用户信息", httpMethod = "GET")
    @GetMapping("/info/{userId}")
    @RequiresPermissions("sys:user:info")
    public R info(@ApiParam(name = "userId", value = "用户ID") @PathVariable("userId") Long userId) {
        SysUserEntity user = sysUserService.getById(userId);

        //获取用户所属的角色列表
        List<Long> roleIdList = sysUserRoleService.queryRoleIdList(userId);
        user.setRoleIdList(roleIdList);

        return R.ok().put("user", user);
    }

    /**
     * 保存用户
     */
    @ApiOperation(value = "保存用户", notes = "保存用户", httpMethod = "POST")
    @SysLog("保存用户")
    @PostMapping("/save")
    @RequiresPermissions("sys:user:save")
    public R save(@ApiParam(name = "用户信息", value = "传入json格式") @RequestBody SysUserEntity user) {
        ValidatorUtils.validateEntity(user, AddGroup.class);

        user.setCreateUserId(getUserId());
        sysUserService.saveUser(user);

        return R.ok();
    }

    /**
     * 修改用户
     */
    @ApiOperation(value = "修改用户", notes = "修改用户", httpMethod = "POST")
    @SysLog("修改用户")
    @PostMapping("/update")
    @RequiresPermissions("sys:user:update")
    public R update(@ApiParam(name = "用户信息", value = "传入json格式") @RequestBody SysUserEntity user) {
        ValidatorUtils.validateEntity(user, UpdateGroup.class);

        user.setCreateUserId(getUserId());
        sysUserService.update(user);

        return R.ok();
    }

    /**
     * 删除用户
     */
    @ApiOperation(value = "删除用户", notes = "删除用户", httpMethod = "POST")
    @SysLog("删除用户")
    @PostMapping("/delete")
    @RequiresPermissions("sys:user:delete")
    public R delete(@ApiParam(name = "用户ID", value = "传入json格式") @RequestBody Long[] userIds) {
        if (ArrayUtils.contains(userIds, 1L)) {
            return R.error("系统管理员不能删除");
        }

        if (ArrayUtils.contains(userIds, getUserId())) {
            return R.error("当前用户不能删除");
        }

        sysUserService.deleteBatch(userIds);

        return R.ok();
    }
}
